brielle
/
Firewall-SOSDG
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

More new options

master
bbruns 2010-08-24 01:46:31 +00:00
parent 97dd5fa6f0
commit 95c2688ea3
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/functions
View File

@ -127,8 +127,10 @@ function apply_ipv4_hack {
while [ $# -gt 0 ]; do while [ $# -gt 0 ]; do
case "$1" in case "$1" in
NS-IN-DDOS) NS-IN-DDOS)
# NS-IN-DDOS - Block DNS DDoS using NS/IN spoof, see:
# http://www.stupendous.net/archives/2009/01/24/dropping-spurious-nsin-recursive-queries/
display_c PURPLE " ./NS/IN-DDOS-FIX" display_c PURPLE " ./NS/IN-DDOS-FIX"
$IPTABLES -A INPUT -j DROP -p udp --dport domain -m u32 --u32 \ $IPTABLES -A INPUT -j DROP -p udp --dport 53 -m u32 --u32 \
"0>>22&0x3C@12>>16=1&&0>>22&0x3C@20>>24=0&&0>>22&0x3C@21=0x00020001" "0>>22&0x3C@12>>16=1&&0>>22&0x3C@20>>24=0&&0>>22&0x3C@21=0x00020001"
;; ;;
esac esac